Lucene search

MitreCVE-2012-3800

HistoryJun 27, 2012 - 12:55 a.m.

CVE-2012-3800

2012-06-2700:55:06

CWE-79

mitre

web.nvd.nist.gov

cve-2012-3800

cross-site scripting

xss vulnerability

organic groups

og module

drupal

vertical tabs

nvd

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.

Affected configurations

Nvd

Node

moshe_weitzmanorganic_groupsMatch6.x-2.0

moshe_weitzmanorganic_groupsMatch6.x-2.0rc1

moshe_weitzmanorganic_groupsMatch6.x-2.0rc2

moshe_weitzmanorganic_groupsMatch6.x-2.0rc3

moshe_weitzmanorganic_groupsMatch6.x-2.1

moshe_weitzmanorganic_groupsMatch6.x-2.2

moshe_weitzmanorganic_groupsMatch6.x-2.3

moshe_weitzmanorganic_groupsMatch6.x-2.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.0cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.1cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.2cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.3cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*
moshe_weitzmanorganic_groups6.x-2.xcpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:::::::*
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1::::::
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2::::::
moshe_weitzman	organic_groups	6.x-2.0	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3::::::
moshe_weitzman	organic_groups	6.x-2.1	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:::::::*
moshe_weitzman	organic_groups	6.x-2.2	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:::::::*
moshe_weitzman	organic_groups	6.x-2.3	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:::::::*
moshe_weitzman	organic_groups	6.x-2.x	cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupal.org/node/1619736

drupal.org/node/1619810

drupalcode.org/project/og.git/commitdiff/d48fef5

secunia.com/advisories/49397

www.openwall.com/lists/oss-security/2012/06/14/3

www.osvdb.org/82712

www.securityfocus.com/bid/53838

exchange.xforce.ibmcloud.com/vulnerabilities/76149

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Related for CVE-2012-3800